Views:

TrendAI Vision One™ enables sharing of suspicious object data with Palo Alto Panorama through a Service Gateway.

Configure sharing of suspicious object data with this integration through a Service Gateway.
Note
Note
Integration requires configuring at least one Service Gateway with the Suspicious Object Exchange Service.
For more information, see Service Gateway Management.

Procedure

  1. Configure settings on TrendAI Vision One™.
    1. In TrendAI Vision One™, go to Workflow and AutomationThird-Party Integrations.
    2. Locate and click the Palo Alto Panorama card.
    3. Use the toggle to enable or disable the integration.
    4. Review the Legal Statement and click Accept or Close to continue.
    5. Under Data Transfer, configure data sharing criteria and integration settings.
      1. Risk level: Select the risk level of the suspicious object data to include in the shared data.
      2. Frequency: Select the frequency for sharing suspicious object data.
      3. URL parameters: Select whether to remove query strings from URLs.
    6. Under Service Gateway Connection, configure the connection between the Service Gateway and the integration.
      1. Click Connect.
        The Service Gateway Connection panel appears.
      2. Select a Service Gateway installed with the Suspicious Object Exchange Service.
      3. Configure the integration server settings.
      4. Click Test Connection to verify if the settings are valid.
      5. Click Connect.
        The connection configuration is added to the list.
      6. Click the Generate Now icon (GenerateNowIcon=GUID-60CE3573-F37D-4CD3-9E0A-74C7DCBF3525.png) to generate suspicious object data sharing files immediately.
      7. Hover over the Copy URL icon (ServiceGatewayCopyIcon=GUID-EE08C798-0F99-467B-996A-93D14044BF0E.png) to copy the suspicious object data sharing URLs to use on your integration.
    7. Repeat the previous step to add multiple connection configurations for this integration.
    8. Click Save.
  2. Configure settings on your integration.
    Note
    Note
    The following steps were performed using version 8.0 of the PAN-OS web interface.
    If you are using a different version, refer to the documentation for your version.
    1. In the PAN-OS web interface, go to ObjectsExternal Dynamic Lists.
    2. Click Add.
    3. Configure the external dynamic list.
      1. Name: Type a name for the list.
      2. Type: Select Domain List or URL List.
      3. Description: Type a description to help you identify this list.
      4. Source: Paste the suspicious object data sharing URL that you obtained from the TrendAI Vision One™ console.
      5. Check for updates: Select the interval at which this external dynamic list checks for updates.
        Tip
        Tip
        TrendAI™ recommends matching the update interval to the suspicious object data sharing Frequency configured on TrendAI Vision One™.
      6. (Optional) Click Test Source URL to test if the URL is accessible.
      7. Click OK.
      Your Palo Alto Panorama appliance is configured to retrieve suspicious object data from the TrendAI Vision One™ Service Gateway.
    4. Repeat the previous step to add an external dynamic list configuration for the type you did not configure.